Cisco Cisco Email Security Appliance X1070 Betriebsanweisung
27-28
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 27 Quarantines
Configuring the Spam Quarantine
End Users Accessing the Spam Quarantine
End users can access the spam quarantine via a link in the notification they receive. When accessing the
quarantine via this method, LDAP or IMAP/POP authentication is not required (end users do not have
to authenticate themselves). Note that the links present in the notification messages do not expire, so end
users can use these links to view their quarantined messages without having to authenticate.
quarantine via this method, LDAP or IMAP/POP authentication is not required (end users do not have
to authenticate themselves). Note that the links present in the notification messages do not expire, so end
users can use these links to view their quarantined messages without having to authenticate.
Users can also access the quarantine by entering a link in their web browser directly. When accessing
the quarantine via a URL typed into a web browser, users will have to authenticate. The authentication
method — LDAP or “mailbox” (IMAP/POP) — is defined in the End User Quarantine Access section
of the quarantine settings (see
the quarantine via a URL typed into a web browser, users will have to authenticate. The authentication
method — LDAP or “mailbox” (IMAP/POP) — is defined in the End User Quarantine Access section
of the quarantine settings (see
LDAP Authentication Process
1.
A user enters their username and password into the web UI login page.
2.
The spam quarantine connects to the specified LDAP server either to perform an anonymous search
or as an authenticated user with the specified “Server Login” DN and password. For Active
Directory, you will usually need to have the server connect on the “Global Catalog port” (it is in the
6000s) and you need to create a low privilege LDAP user that the spam quarantine can bind as in
order to execute the search.
or as an authenticated user with the specified “Server Login” DN and password. For Active
Directory, you will usually need to have the server connect on the “Global Catalog port” (it is in the
6000s) and you need to create a low privilege LDAP user that the spam quarantine can bind as in
order to execute the search.
3.
The spam quarantine then searches for the user using the specified BaseDN and Query String. When
a user’s LDAP record is found, the spam quarantine then extracts the DN for that record and attempts
bind to the directory using the user records’ DN and the password they entered originally. If this
password check succeeds then the user is properly authenticated, but the spam quarantine still needs
to determine which mailboxes’ contents to show for that user.
a user’s LDAP record is found, the spam quarantine then extracts the DN for that record and attempts
bind to the directory using the user records’ DN and the password they entered originally. If this
password check succeeds then the user is properly authenticated, but the spam quarantine still needs
to determine which mailboxes’ contents to show for that user.
4.
Messages are stored in the spam quarantine using the recipient's envelope address. After a user's
password is validated against LDAP, the spam quarantine then retrieves the “Primary Email
Attribute” from the LDAP record to determine which envelope address they should show
quarantined messages for. The “Primary Email Attribute” can contain multiple email addresses
which are then used to determine what envelope addresses should be displayed from the quarantine
for the authenticated user.
password is validated against LDAP, the spam quarantine then retrieves the “Primary Email
Attribute” from the LDAP record to determine which envelope address they should show
quarantined messages for. The “Primary Email Attribute” can contain multiple email addresses
which are then used to determine what envelope addresses should be displayed from the quarantine
for the authenticated user.
IMAP/POP Authentication Process
1.
Depending on your mail server configuration, a user enters their username (
joe
) or email address
(
joe@example.com
) and password into the web UI login page. You can modify the Login Page
Message to tell your users whether they should enter a full email address or just their username (see
).
2.
The spam quarantine connects to the IMAP or POP server and uses the entered login (either
username or email address) and password to try to log into the IMAP/POP server. If the password
is accepted then the user is considered authenticated and the spam quarantine immediately logs out
of the IMAP/POP server.
username or email address) and password to try to log into the IMAP/POP server. If the password
is accepted then the user is considered authenticated and the spam quarantine immediately logs out
of the IMAP/POP server.
3.
Once the user is authenticated, the Spam Quarantine lists email for the user, based on the email
address:
address:
C380/C680
30
X1060/X1070
30
Table 27-4
Disk Space Available for Spam Quarantine
Model
Disk Space (in GB)